The Mary Sue » UDIDshttp://www.themarysue.com
The Nexus of Pop Culture and the Uncharted UniverseTue, 03 Mar 2015 20:18:24 +0000en-UShourly1http://wordpress.org/?v=2015.10Blue Toad Claims AntiSec’s Leaked Apple UDIDs Are From Themhttp://www.themarysue.com/blue-toad-udids/
http://www.themarysue.com/blue-toad-udids/#commentsMon, 10 Sep 2012 18:38:43 +0000http://www.geekosystem.com/?p=115838
Remember those Apple UDIDsleaked by AntiSec last week? A publishing firm known as Blue Toad has come forward saying that the million leaked by the anonymous collective was actually stolen from their database. After some rudimentary checking, Blue Toad found that the data released had a 98% correlation with their own.]]>

Remember those Apple UDIDsleaked by AntiSec last week? A publishing firm known as Blue Toad has come forward saying that the million leaked by the anonymous collective was actually stolen from their database. After some rudimentary checking, Blue Toad found that the data released had a 98% correlation with their own.

Blue Toad CEO Paul DeHart broke the news to NBC about it being their data, but that doesn’t entirely rule out some kind of FBI involvement. Even though they are positive that it’s their data, they can’t say for certain how it ended up in the hands of AntiSec. Due to being unsure of how the data was accessed in the first place, it’s hard to say in what way it was shared and with whom.

DeHart said he could not rule out the possibility that the data stolen from his company’s servers was shared with others, and eventually made its way onto an FBI computer. He also said that he doesn’t know who took the data.

]]>http://www.themarysue.com/blue-toad-udids/feed/1AntiSec Leaks 1,000,001 Apple UDIDs Obtained From FBI Laptophttp://www.themarysue.com/antisec-apple-leak/
http://www.themarysue.com/antisec-apple-leak/#commentsTue, 04 Sep 2012 12:30:46 +0000http://www.geekosystem.com/?p=114890
In what looks to be one of the worst privacy disasters yet, the hacking collective known as AntiSec has released a list of 1,000,001 Apple Unique Device Identifiers (UDIDs) that they've allegedly obtained from an FBI breach. This is supposedly from a much larger cache of 12 million UDIDs that the group managed to purloin during their raid. Not only did the files include the UDIDs, but many of these had other identifying information attached, such as usernames, cell phone numbers, and addresses. Lovely.]]>

In what looks to be one of the worst privacy disasters yet, the hacking collective known as AntiSec has released a list of 1,000,001 Apple Unique Device Identifiers (UDIDs) that they’ve allegedly obtained from an FBI breach. This is supposedly from a much larger cache of 12 million UDIDs that the group managed to purloin during their raid. Not only did the files include the UDIDs, but many of these had other identifying information attached, such as usernames, cell phone numbers, and addresses. Lovely.

How, exactly, did they manage to snatch such a glorious list? This is obviously a huge win for anyone looking to expose exactly what kind of information the United States government keeps on folks. AntiSec’s manifesto clearly summarizes how they obtained the file in the first place:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

The takeaway here is that the information stems from the second week of March, so it’s about seven months old at least. The file name, if AntiSec’s account is to be considered accurate, could refer to the National Cyber-Forensics & Training Alliance, a non-profit corporation that brings together the public and private sector in order to fight cyber crime. Even so, the FBI’s intended use for such data is nebulous at best, regardless of the charges leveled at them by AntiSec. That doesn’t mean AntiSec’s wrong; it just means that the evidence isn’t yet damning enough.

Luckily for anyone wanting to search the 1,000,001 UDIDs, Sean MacGuire has already taken it upon himself to create a tool with which they can do so. Even if a specific UDID fails to pop, that doesn’t mean it isn’t sitting in the much larger list that AntiSec has kept for themselves at the moment.